Eighty-five per cent of Australian organisations have already experienced a data breach, according to the Australian edition of the 2016 Vormetric Data Threat Report, well ahead of the global average of 61 per cent.
Thirty-one per cent of Australian organisations had been breached in the last year, also ahead of the global average of 22 per cent.
The report was conducted in conjunction with analyst firm 451 Research, reporting responses from senior IT security at large enterprises worldwide.
Perhaps not surprisingly given these statistics, Australian organisations also had the highest rate worldwide of feeling ‘very or extremely’ vulnerable at 54 per cent.
The top responses for the most important reasons for securing sensitive data were ‘compliance’, nominated by 51 per cent of Australian organisations, ‘reputation and brand protection’ (39 per cent), and ‘this organisation has experienced a data breach in the past’ (37 per cent).
The report showed that Australian organisations continue to strongly associate compliance with security, despite data breaches continuing to affect organisations that have been certified as compliant.
Garrett Bekker, senior analyst, information security, at 451 Research and the author of the report, said, “Compliance does not ensure security. As we learned from data theft incidents at companies that had reportedly met compliance mandates (such as KMART Australia, Vodafone, David Jones and Woolworths), being compliant doesn’t necessarily mean you won’t be breached and have your sensitive data stolen. Australian organisations don’t seem to fully appreciate this, with more than half (51 per cent) rating compliance as a top reason for protecting data, and with compliance the topmost IT security spending priority (52 per cent).”
Bekker said another concern is that planned increases in security spending to protect data, at 50 per cent, are below those of any other region surveyed except Japan, at 32 per cent.
When it comes to where Australian organisations plan to increase their IT security spending over the next 12 months, ranking highest are ‘network defences’ (32 per cent), ‘analysis and correlation tools’ (32 per cent) and ‘endpoint and mobile defences’ (29 per cent). Vormetric argues that this is an ineffective use of investment.
“Enterprises and public sector organisations are being asked to better safeguard confidential and sensitive information,” said Tina Stewart, vice president of marketing for Vormetric. “It’s therefore surprising that companies continue to use the same perimeter-based tools that consistently fail against modern, multi‐layered attacks. Technology that concentrates fundamentally on controlling access to data and protecting data is a far more effective approach.”
The research report is available from Vormetric.